Amendments to the Claims 



This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

Listing of Claims: 



1 1 . (Previously Amended) A method for certificate generation that enables efficient 

2 revocation of said certificate, comprising: 

3 at a first node: 

4 receiving a request to issue a certificate on behalf of a principal; 

5 and., 

6 forwarding said request to a second node, wherein said request 

7 includes a first identifier that identifies the first node; and 

8 at the second node: 

9 in response to receipt of the request, generating a certificate that 
10 includes said first identifier. 

1 2. (Original) The method of claim 1 wherein said request further includes a second 

2 identifier that identifies a principal. 

1 3. (Original) The method of claim 2 wherein said certificate further includes a public 

2 key associated with said principal, and said second identifier. 

1 4. (Previously Amended) The method of claim 1 further including authenticating 

2 said certificate by said second node. 

1 5. (Previously Amended) The method of claim 4 wherein authenticating said 

2 certificate comprises generating a certificate digitally signed by said second 

3 node. 
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1 6. (Previously Amended) The method of claim 5 wherein generating said certificate 

2 signed by said second node comprises generating a certificate digitally signed by 

3 said second node using a private key of a public private key pair associated with 

4 said second node. 

1 7. (Original) The method of claim 1 wherein said certificate further includes a time 

2 stamp that identifies a time associated with the request. 

1 8. (Previously Amended) The method of claim 1 further including authenticating 

2 said request by said first node. 

1 9. (Previously Amended) The method of claim 8 wherein authenticating said 

2 request by said first node comprises digitally signing said request. 

1 10. (Previously Amended) The method of claim 9 wherein digitally signing said 

2 request comprises the step of digitally signing said request using a private key of 

3 a public/private key pair associated with said first node. 

1 11. (Original) The method of claim 1 wherein said certificate further includes a time 

2 stamp that is associated with a time and date when said request was received by 

3 said second node. 

1 12. (Withdrawn) A method for determining whether access to a resource should be 

2 provided to a principal in response to a request for access to the resource by the 

3 principal comprising the steps of: 

4 receiving said request for access to said resource from said principal at a 

5 server; 

6 verifying the authenticity of said request using a key contained within a 

7 certificate associated with said principal; 

8 determining whether a registration authority identifier within said certificate 

9 corresponds to a registration identifier contained on a certificate revocation list, 
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10 wherein said registration authority identifier is associated with a registration 

11 authority that requested a certification authority to generate said certificate; and 

12 providing an indication to said server that said certificate has been 

13 revoked and denying access of said principal to said resource in response to a 

14 determination that said registration authority identifier within said certificate 

15 corresponds to a registration authority identifier on said certificate revocation list. 

1 13. (Withdrawn) The method of claim 1 2 wherein said determining step further 

2 comprises the step of determining whether a time stamp contained within said 

3 certificate that specifies a time of receipt of a request from said registration 

4 authority to the certification authority to generate the certificate corresponds to a 

5 period identified on said certificate revocation list during which the respective 

6 registration authority is indicated to be untrustworthy; and 

7 said providing step comprises the step of providing said indication to said 

8 server that said certificate has been revoked and denying access of said principal 

9 to said resource in response to a determination that said registration authority 

10 identifier within said certificate corresponds to said registration authority identifier 

11 on said certificate revocation list and said time stamp within said certificate 

12 corresponds to a time within said period identified on said certificate revocation 

13 list during which said registration authority was indicated to be untrustworthy. 

1 14. (Withdrawn) The method of claim 13 wherein said period has a beginning point 

2 and an assumed ending point, said beginning point being specified by a time 

3 value contained within said certificate revocation list and the assumed ending 

4 point corresponds to a present time value. 

1 15. (Withdrawn) The method of claim 13 wherein said period has a beginning point 

2 and an ending point, said beginning point being specified by a first time value 

3 and the ending point corresponds to a second time value. 
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1 16. (Withdrawn) The method of claim 12 wherein said verifying and determining 

2 steps are performed by said server. 

1 17. (Previously Amended) A certification authority comprising: 

2 a memory containing a computer program for generating a certificate that 

3 enables efficient revocation of said certificate; and 

4 a processor operative to execute said computer program, said computer 

5 program containing program code for: 

6 receiving a request from a registration authority to issue a 

7 certificate on behalf of a principal; and 

8 in response to receipt of said request, generating said certificate 

9 that includes at least a registration authority identifier associated with said 
10 registration authority. 

1 18. (Original) The certification authority of claim 17 wherein said request to issue 

2 said certificate is an authenticated request and said computer program further 

3 includes program code for verifying said authenticated request. 

1 1 9. (Previously Amended) The certification authority of claim 1 7 wherein said 

2 certificate generated by said computer program further includes a principal 

3 identifier associated with said principal and a key associated with said principal. 

1 20. (Original) The certification authority of claim 17 wherein said computer program 

2 further includes program code for storing within said certificate a, time stamp 

3 associated with a time when said certification authority received said request 

4 from said registration authority. 

1 21 . (Withdrawn) A system for determining whether access to a resource should be 

2 provided to a principal in response to a request for access to the resource by the 

3 principal comprising: 
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4 a first server operative to receive a request for access to said resource 

5 from said principal, said first server being operative to verify the authenticity of 

6 said request using a key contained within said certificate associated with said 

7 principal, wherein said certificate includes at least a registration authority 

8 identifier associated with a registration authority that issued a request to a 

9 certification authority to issue said certificate; 

10 a second server containing a certificate revocation list, wherein said 

11 certificate revocation list includes said registration authority identifier in the event 

12 the associated registration authority has been determined to be untrustworthy, 

13 said second server being operative in response to a certificate revocation inquiry 

14 request to ascertain whether said certificate revocation list contains a registration 

15 authority identifier that corresponds to said registration authority identifier within 

16 said certificate; and 

17 said second server being further operative to provide an indication to said 

18 first server that said certificate has been revoked in the event said certificate 

19 revocation list contains said registration authority identifier that corresponds to 

20 said registration authority identifier within said certificate. 

1 22. (Withdrawn) The system of claim 21 wherein said first and second server 

2 comprise a single server. 

1 23. (Withdrawn) The system of claim 21 wherein said first server is further operative 

2 in response to receipt of said indication that said certificate has been revoked to 

3 deny said principal access to said requested resource. 

1 24. (Withdrawn) The system of claim 21 wherein said certificate further includes a 

2 time stamp associated with a time when said certification authority received from 

3 said registration authority said request to issue said certificate on behalf of said 

4 principal; and 

5 wherein said certificate revocation list includes said registration authority 

6 identifier in the event the associated registration authority has been determined 
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7 to be untrustworthy and at least one value defining a time interval during which 

8 said registration authority is deemed to be untrustworthy, 

9 said second server being operative in response to a certificate revocation 

10 inquiry request to provide a revocation inquiry request to provide a revocation 

11 indication if said certificate revocation list contains a registration authority 

12 identifier that corresponds to said registration authority identifier within said 

13 certificate and a time stamp associated with said registration authority identifier 

14 that is within said interval. 

1 25. (Withdrawn) The system of claim 23 wherein said second server comprises a 

2 revocation server. 

1 26. (Withdrawn) The system of claim 25 wherein said revocation server is further 

2 operative in response to said rev9cation indication to forward a certificate 

3 revocation message to said first server that indicates that said certificate has 

4 been revoked. 

1 27. (Withdrawn) The system of claim 26 wherein said first server is operative in 

2 response to said certificate revocation message to deny said principal access to 

3 said requested resource. 

1 28. (Previously Amended) A computer program product including a computer 

2 readable medium, said computer readable medium having a computer program 

3 stored thereon for generating a certificate that enables efficient revocation of said 

4 certificate, said computer program being executable by a processor and 

5 comprising: 

6 program code for receiving a request from a registration authority to issue 

7 a certificate on behalf of a principal; and 

8 program code operative in response to recognition of said request, for 

9 generating by a certification authority a certificate authenticated by said 

10 certification authority wherein said certificate includes at least a principal identifier 
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11 associated with said principal, a key associated with said principal for use in 

12 authenticating messages generated by said principal, and a registration identifier 

13 associated with said registration authority. 

1 29. (Original) The computer program product of claim 28 wherein said program code 

2 for generating said certificate is further operative to include within said certificate 

3 a time stamp associated with a time or receipt by said certification authority of 

4 said request from said registration authority of said request to issue said 

5 certificate. 

1 30. (Previously Amended) A computer data signal, said computer data signal 

2 including a computer program for use in generating a certificate that enables 

3 efficient revocation of said certificate, said computer program comprising: 

4 program code for receiving a request from a registration authority to issue 

5 a certificate on behalf of a principal; and 

6 program code operative in response to recognition of said request, for 

7 generating by a certification authority a certificate authenticated by said 

8 certification authority wherein said certificate includes at least a principal identifier 

9 associated with said principal, a key associated with said principal for use in 

10 authenticating messages generated by said principal, and a registration identifier 

11 associated with said registration authority. 

1 31 . (Original) The computer data signal of claim 30 wherein said program code for 

2 generating said certificate is operative to include within said certificate a time 

3 stamp associated with a time of receipt by said certification authority from said 

4 registration authority of said request to issue said certificate. 

1 32. (Original) The computer data signal of claim 30 wherein said computer program 

2 further includes program code for publishing said certificate. 
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1 33. (Previously Amended) The computer data signal of claim 32 wherein said 

2 program code for publishing said certificate includes program code for forwarding 

3 said certificate to a directory server. 

1 34. (Previously Amended) An apparatus for generating a certificate in a computer 

2 network, wherein said generating of said certificate enables efficient revocation of 

3 said certificate, the apparatus comprising: 

4 means operative in response to receipt of a request from a first node 

5 coupled to said computer network at a second node coupled to said computer 

6 network for generating at said second node a certificate on behalf of a principal 

7 that includes a first node identifier associated with said first node. 

1 35. (Previously Amended) The apparatus of claim 34 wherein said request was 

2 initiated by-a said principal and said request includes a principal identifier 

3 associated with said principal and said certificate further includes said principal 

4 identifier and a public key associated with said principal. 

1 36. (Original) The apparatus of claim 34 wherein said certificate is authenticated by 

2 said second node. 

1 37. (Previously Amended) The apparatus of claim 34 further including means for 

2 comparing said first node identifier to a node identifier associated with an 

3 untrustworthy node on said network that is included within a certificate revocation 

4 list and providing an indication that said certificate is untrustworthy in the event 

5 said first node identifier matches said untrustworthy node identifier. 
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